USER-CONVENIENT AUTHENTICATION METHOD AND APPARATUS USING A MOBILE AUTHENTICATION APPLICATION
First Claim
1. A method for securing interaction with an application by a user who remotely accesses said application through an access device that is connected to an application server hosting said application, comprising the steps of:
at a user authentication device capturing a signal emitted by the access device, said signal encoded with an authentication initiating message, said authenticating initiating message comprising at least an application identifier corresponding to an identity of the application;
at the user authentication device decoding said signal and obtaining the authentication initiating message;
at the user authentication device retrieving from the authentication initiating message the application identifier;
at the user authentication device using the application identifier to obtain a human interpretable representation of the application identity and presenting the obtained application identity representation to the user using a user output interface of the user authentication device;
at the user authentication device obtaining from the user, using a user input interface of the user authentication device, an approval for generating a response message and making the response message available to a verification server;
at the user authentication device generating a dynamic security value using a first cryptographic algorithm parameterized with a cryptographic dynamic security value generation key and using at least one personalized data element that is associated with the particular user or the particular user authentication device, wherein the generated dynamic security value is cryptographically linked to the application identity presented to the user;
at the user authentication device generating a response message comprising at least the generated dynamic security value;
making the generated response message available to a verification server;
at the verification server receiving the response message;
verifying the response message including verifying the validity of the dynamic security value;
communicating the result of the verification of the response message to the application.
Abstract
Methods, apparatus, and systems for securing application interactions are disclosed. Application interactions may be secured by, at a user authentication device, capturing a signal emitted by an access device encoded with an authentication initiating message including an application identifier, decoding the signal and obtaining the authentication initiating message, retrieving the application identifier, presenting a human interpretable representation of the application identity to the user, obtaining user approval to generate a response message available to a verification server, generating a dynamic security value using a cryptographic algorithm that is cryptographically linked to the application identity, and generating a response message including the generated dynamic security value; making the response message available to a verification server; and, at the verification server, receiving the response message, verifying the response message including verifying the validity of the dynamic security value, and communicating the result of the verification of the response message to the application.
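The flow in the abstract can be sketched as follows. This is an added illustration, not code from the patent: HMAC-SHA256 stands in for the unspecified "cryptographic algorithm", and the server challenge, the counter, all field names and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample data (assumptions, not taken from the patent).
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
KNOWN_APPS = {"bank-01": "Example Bank Online", "shop-77": "Example Shop"}
SERVER_KEYS = {"device-42": DEVICE_KEY}

def _mac_input(app_id, challenge, counter):
    # Length-prefix each field so distinct (app_id, challenge) pairs never collide.
    parts = [app_id.encode(), challenge, struct.pack(">Q", counter)]
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def device_respond(init_msg, counter, approve):
    """Authentication device: read the message, show the app name, ask, then MAC."""
    app_id, challenge = init_msg["app_id"], bytes.fromhex(init_msg["challenge"])
    name = KNOWN_APPS.get(app_id)
    if name is None or not approve(name):  # unknown application or user declined
        return None
    dsv = hmac.new(DEVICE_KEY, _mac_input(app_id, challenge, counter),
                   hashlib.sha256).hexdigest()
    return {"device_id": "device-42", "counter": counter, "dsv": dsv}

def server_verify(response, expected_app_id, challenge_hex, last_counter):
    """Verification server: recompute the value for the application that is asking."""
    key = SERVER_KEYS.get(response["device_id"])
    if key is None or response["counter"] <= last_counter:  # unknown device or replay
        return False
    data = _mac_input(expected_app_id, bytes.fromhex(challenge_hex), response["counter"])
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response["dsv"])

def demo():
    msg = {"app_id": "bank-01", "challenge": "a1b2c3d4e5f60718"}
    resp = device_respond(msg, counter=7, approve=lambda name: name == "Example Bank Online")
    return {
        "accepted": server_verify(resp, "bank-01", msg["challenge"], last_counter=6),
        "other_app": server_verify(resp, "shop-77", msg["challenge"], last_counter=6),
        "replayed": server_verify(resp, "bank-01", msg["challenge"], last_counter=7),
        "declined": device_respond(msg, 8, approve=lambda name: False),
    }

if __name__ == "__main__":
    print(demo())
```

Because the application identifier shown to the user is part of the MAC input, a response approved for one application fails verification when presented on behalf of another.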
18 Claims
1. A method for securing interaction with an application by a user who remotely accesses said application through an access device that is connected to an application server hosting said application, comprising the steps of:
at a user authentication device capturing a signal emitted by the access device, said signal encoded with an authentication initiating message, said authenticating initiating message comprising at least an application identifier corresponding to an identity of the application;
at the user authentication device decoding said signal and obtaining the authentication initiating message;
at the user authentication device retrieving from the authentication initiating message the application identifier;
at the user authentication device using the application identifier to obtain a human interpretable representation of the application identity and presenting the obtained application identity representation to the user using a user output interface of the user authentication device;
at the user authentication device obtaining from the user, using a user input interface of the user authentication device, an approval for generating a response message and making the response message available to a verification server;
at the user authentication device generating a dynamic security value using a first cryptographic algorithm parameterized with a cryptographic dynamic security value generation key and using at least one personalized data element that is associated with the particular user or the particular user authentication device, wherein the generated dynamic security value is cryptographically linked to the application identity presented to the user;
at the user authentication device generating a response message comprising at least the generated dynamic security value;
making the generated response message available to a verification server;
at the verification server receiving the response message;
verifying the response message including verifying the validity of the dynamic security value;
communicating the result of the verification of the response message to the application.
15. An apparatus for generating authentication credentials comprising:
a processing component adapted for processing data;
a storage component for storing data;
a user interface component comprising a first user output interface for presenting outputs to a user and an input user interface for receiving input from the user; and
a data input interface adapted to capture a signal emitted by a second user output interface of an access device that the user is using for remotely accessing an application over a computer network, said signal encoded with an authentication initiating message, said authenticating initiating message comprising at least an application identifier corresponding to an identity of said application;
whereby the apparatus is adapted to
decode said signal and obtain the authentication initiating message;
retrieve from the authentication initiating message the application identifier;
use the application identifier to obtain a human interpretable representation of the application identity and present the obtained application identity representation to the user using the first user output interface;
obtain from the user, using the user input interface, an approval for generating a response message and making the response message available to a verification server;
generate a dynamic security value using a first cryptographic algorithm parameterized with a cryptographic dynamic security value generation key and using at least one personalized data element that is associated with the user or the apparatus, wherein the generated dynamic security value is cryptographically linked to the application identity presented to the user; and
generate a response message comprising at least the generated dynamic security value.
Specification